Accessing items via rest API through myopenhab using OAuth 2

llegovich · July 24, 2020, 12:31pm

Hi,
I’m using alexa skill to interact with my openHAB installation via myopenhab.org. It works great but due to current limitations of the smart home alexa model, I’m not able to get all the answers I’d like from my smart home. For example, AFAIK there is no way to get current power consumption or you need to implement workarounds.
One of the workarounds I used was to attach a rule to the LastVoiceCommand event to parse the question and TTS out a speech with the current power consumption. But alexa doesn’t stop processing the command so what I get as a reply is something like “I don’t know…” interrupted and then “Your power consumption is currently 2.3 kW”. Not nice.
So - even if I know nothing about node.js - I tried to write my personal alexa skill in order to ask questions like “Alexa, ask Mister John what the current power consumption is”.

So my problem now is that I’m not able to perform OAuth 2 authentication to myopenhab.org as I’m not sure what client ID / secret pair I should use to authenticate the skill.

Is this Client ID / secret pair something that has to be stored in myopenhab.org? Any way to create one?

I think this not related to the request coming from an alexa skill, it could be any other UI on the web trying to access the apis,

thx

Wolfgang_S · July 24, 2020, 7:06pm

Check if OAuth2 using just OH Rules and myopenhab.org helps.
Alternatively you may try to access the REST API to read out your item. Authentication can be done by using email address and your password. I am doing that to access my own openhab-cloud instance.

llegovich · July 24, 2020, 7:20pm

My understanding is that this article talks about openHAB accessing external APIs not the opposite, am I wrong?

I tried this one but it doesn’t seem to work with myopenhab instance.

Wolfgang_S · July 24, 2020, 9:31pm

Could you describe a bit more in detail what you tried and what does not work ?
In case you login manually to myopenhab instance do you get access to the /rest/items via browser ?
What also should be possible is to run an alexa skill locally e…g. on openhab instance and access the /rest/items on your local server.

llegovich · July 25, 2020, 6:15am

I write the encoded URL in the web browser and I’prompted to provide credentials or I get e message Unauthorized. I tried

https://<email address>:<password>@home.myopenhab.org
https://<email address>:<password>@myopenhab.org

With or without https or http.
I couldn’t make it work even in the browser.

llegovich · July 25, 2020, 6:31am

Yes all items are accessible.

Wolfgang_S · July 25, 2020, 9:07am

Try this one:

curl -q -o - --user  '<email address>:<password>' https://<hostname>/rest/items/<itemname>

The result that will be returned via STDOUT will be json formatted.

llegovich · July 25, 2020, 10:36am

mmm, it works from my raspberry but it doesn’t from Windows command line (my Win pc is in the same LAN as my RBPI). I get “Unauthorized” from the Windows command line.
I also tried this node.js script in the alexa skill

function httpGet() {
return new Promise(((resolve, reject) => {
    var options = {
        host: 'myopenhab.org',
        path: '/rest/items/Energy_PowerConsumption/state',
        method: 'GET',
        headers: {
            'Authorization': 'Basic <username>:<password>'
        },
    };

    const request = https.request(options, (response) => {
        response.setEncoding('utf8');
        let returnData = '';

        response.on('data', (chunk) => {
            console.log("**CHUNK");
            returnData += chunk;
        });

        response.on('end', () => {
            console.log("**END");
            resolve(returnData);
        });

        response.on('error', (error) => {
            console.log("**ERROR");
            reject(error);
        });
    });
    
    request.end();
}));

}

and I get “Unauthorized” as a result.
Any ideas?

EDITED
changing the ‘authorization’ option in node.js it works now:

headers: {
    'Authorization': 'Basic ' + new Buffer('<username>:<password>').toString('base64')
},

still don’t understand why it doesn’t in windows command line but probably I don’t care.
thanks @Wolfgang_S !!!

Wolfgang_S · July 25, 2020, 11:23am

Try to use double quotes ( " ) instead of single ( ’ ) quote on windows command line.
I just copied the example from my Linux instance without taking into account that the single quotes could be a problem on windows system…

JanK · October 30, 2020, 11:01am

Hi everyone,

Why am I posting here?

I found this topic during a search on OAuth2 and myopenhab. The topic of my question would be exact the same, so I decided adding my question here. If creating a new topic is the prefered way, please let me know. “Keep the community clean” can mean both.

Problem description

I stared a redux-react application to get practice writing react components. The application works fine, including live updates with the event source. The first version is just running in my network, so no auth is required. The next step is moving the application into the internet. Using the basic-auth works fine and everything seems nice. But I think it is not. To make basic-auth requests, I need to store my passord as clear text in a cookie. This is Ok for a toy example but to practice writing good code it is a shame.
As I understand myopenhab, the project provides an OAuth2. Which means, I can login and store the session token for other requests.

Question

My question in mind is: Is it possible to register my own applicaiton in myopenhab and login in with OAuth2 to use the token for other requests? A more open question is: Is the intended soltion the way to go?

Thank you for reading this and perhaps support me with an answer.
Kind regards
Jan

Bruce_Osborne · October 30, 2020, 11:30am

I know there is some OAuth2 support in OH3 but I am not sure of the details. @ysc is probably the most knowledgeable on that.

ysc · October 30, 2020, 3:37pm

@JanK is talking about the OAuth2 support in openHAB Cloud / myopenhab.org which I seem to remember can also work with OAuth2 (there’s an Applications menu), but I have no clue how to register one. Maybe @digitaldan or @MARZIMA can elaborate.

JanK · October 30, 2020, 6:45pm

Hi @Bruce_Osborne and @ysc,

thank you for the support and input.

@Bruce_Osborne I also read about autherization in OH3. But you wrote that only Admins require a login. But well, an itegration to OH3 would be a nice solution for my problem. Then I have to switch priorities and first upgrade to OH3 before continuing my project.

@ysc The OAuth2 support in myopenhab is what I was looking for because it is available today. My account in myopenhab shows no application and no button to add one. I already went one step depper into the search and had a look into the code of myopenhab. I found code and URLs for OAuth2 including the database requests for the scope and client id. What I am still looking for is code to insert something into the database.

Untill further ideas I will update OH to v3. This is obvisly the best plan anyway. Perheps I find a way to use this system. All users of my own little app are trustworthy and can get admin access if needed. At least it is an improvment of storing the password in a coockie.

Thank’s everyone

Bruce_Osborne · October 30, 2020, 7:55pm

Yes. Some things are readonly by default and others require an Admin login. Currently, there is no other user level, I believe.

MARZIMA · November 3, 2020, 12:06am

Correct, You can use OAuth2 in myopenhab. But you need to configure it in the mongo database. We give 3rd Parties e.g. Google Assistant access by that way too.

Bruce_Osborne · November 3, 2020, 12:09am

There is also basic auth available for the API. HABApp uses that.